oss-sec mailing list archives

Re: invalid free in GNU ed before 1.14.1

From: Hanno Böck <hanno () hboeck de>
Date: Thu, 12 Jan 2017 13:27:09 +0100

On Thu, 12 Jan 2017 13:10:41 +0100
Florian Weimer <fweimer () redhat com> wrote:

There is red/ed -r.  I wouldn't rely on it for security isolation,
but the functionality does exist.


Oh, that's interesting.

I can confirm that it crashes also in restricted / red (-r) mode.
Therefore it should probably be considered a vulnerability.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Current thread:

invalid free in GNU ed before 1.14.1 Hanno Böck (Jan 12)
- Re: invalid free in GNU ed before 1.14.1 Florian Weimer (Jan 12)
  - Re: invalid free in GNU ed before 1.14.1 Hanno Böck (Jan 12)
- Re: invalid free in GNU ed before 1.14.1 cve-assign (Jan 12)